Chapter 8
Information Security and Cyber law
Digital Society
A digital society is a modern, progressive society that is formed as a result of
the adoption and integration of information and communication technologies (ICT)
at home, work, education and recreation, and supported by advanced
telecommunications and wireless connectivity systems and solutions.
Digital Divide
Internet access and computers are now a lifeline for students, but many don't
have access. A digital divide is an economic and social inequality with regard to
access to, use of, or impact of information and communication technologies
(ICT).
The term digital divide describes a gap in terms of access to and usage of
information and communication technology. It was traditionally considered to be
a question of having or not having access.
The term also describes the discrepancy between those who have the skills,
knowledge and abilities to use the technologies and those who do not. The
digital divide can exist between those living in rural areas and those living in
urban areas, between the educated and uneducated, between economic and social
classes and, on a global scale, between more and less industrially developed
nations.
The three aspects of the digital divide
1. Digital divide caused by access to ICT: It is based on the difference
between individuals or countries with access to ICT and those without access to
ICT.
2. Digital divide caused by usage of ICT: It is based on the difference between
individuals who know how to use these technologies and those who do not.
3. Digital divide caused by usage quality: It is based on the differences
between users of the same category who have different levels of knowledge and
skills in ICT and its use.
Computer Ethics
Computer ethics is a set of moral principles that govern the behavior of an
individual or group of people and regulate the use of computers. Computer ethics
is the application of moral principles to the use of computers and the Internet.
Some common issues of computer ethics include intellectual property rights such
as copyrighted electronic content, software piracy, privacy and confidentiality
concerns, artistic works and how computers affect society.
Computer ethics has also been used to refer to a kind of professional ethics in
which computer professionals apply codes of ethics and standards of good practice
within their profession. It is also called “Cyber-ethics” or “Internet ethics”.
Commandments of Computer Ethics are:
1. You shall not use a computer to harm other people.
2. You shall not interfere with other people's computer work.
3. You shall not snoop around in other people's computer files.
4. You shall not use a computer to steal.
5. You shall not use a computer to bear false witness.
6. You shall not copy or use proprietary software for which you have not paid
(without permission).
7. You shall not use other people's computer resources without authorization or
proper compensation.
8. You shall not appropriate other people's intellectual output.
9. You shall think about the social consequences of the program you are writing
or the system you are designing.
10. You shall always use a computer in ways that ensure consideration and
respect for other humans.
Information Security
Information security is a set of strategies for managing the processes, tools
and policies necessary to prevent, detect, document and counter threats to
digital and non-digital information. Protection of assets, resources, data, files
or anything that has value is the primary goal of information security. It is a
part of information risk management. Some basic components of information
security are:
1. CIA Triad
The core principles of cyber security are Confidentiality, Integrity and
Availability. The triad is a critical part of information security.
2. Confidentiality
Maintaining confidentiality is the nondisclosure of objects to unauthorized
subjects. Protection of confidentiality is an important part of a cyber security
program. Some examples are bank accounts, personal information, financial
records, etc.
3. Integrity
Maintaining integrity is stopping unauthorized modification of objects.
For example, unauthorized change of bank account data, database data, email,
etc.
4. Availability
Maintaining availability means the timely availability of objects to authorized
subjects.
For example: the timely availability of cash at an ATM to the authorized account
holder.
5. Identification
Identification is the process in which the user identifies themselves with some
identifier, e.g. username, email, etc.
6. Authentication
It is the process of verifying the identity of a user or process. For that, the
user needs to provide more information, like a password, PIN, etc. This
information is compared with pre-existing data for verification. If it matches,
authentication is successful and the authorization step begins; otherwise
authentication fails.
7. Authorization
A user needs permission, or authorization, to access resources like files and
databases. Authorization is also needed to create and change resources.
8. Risk Management Concept: Threat
A threat is loss or destruction due to the action of a subject. Some examples of
threats are natural disasters, humans, malware, system accidents, etc.
9. Vulnerability
It is the susceptibility or weakness of an object to a threat.
Risk
Risk is the possible exploitation of an object. Risk depends upon the existence
of both a threat and a vulnerability.
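The identification, authentication and authorization steps listed above can be seen working together in the following added example, which is not part of the original chapter. The account names, passwords, permission table and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored data never contains the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)  # unique random salt per user
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": permissions}

# Constructed sample accounts: the "pre-existing data" that authentication compares against.
USERS = {
    "alice": make_user("correct horse battery",
                       {("report.txt", "read"), ("report.txt", "write")}),
    "bob": make_user("pin-4821-blue", {("report.txt", "read")}),
}
DUMMY_SALT = b"\x00" * 16

def authenticate(username: str, password: str) -> bool:
    user = USERS.get(username)  # identification: look up the claimed identity
    if user is None:
        hash_password(password, DUMMY_SALT)  # keep timing similar for unknown names
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])  # constant-time comparison

def authorize(username: str, resource: str, action: str) -> bool:
    """Authorization: is this (already authenticated) user allowed this action?"""
    return (resource, action) in USERS[username]["permissions"]

def access(username: str, password: str, resource: str, action: str) -> str:
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, resource, action):
        return "not authorized"
    return "granted"
```

Authentication answers "who are you?" and authorization answers "what may you do?": bob can log in successfully and still be refused a write to report.txt.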
Spam and Malicious Software
Spam
Spam may or may not be malware. Spam is defined as an unwanted message sent to
an enormous list of recipients. Typically, spam is sent in email form for
commercial purposes, i.e. to promote products or services. Spam can turn into
malware when it contains malicious programs.
Malicious Software
Malicious software is any software intentionally designed to cause damage to a
computer, server, client, or computer network. A wide variety of malware types
exist, including computer viruses, worms, Trojan horses, ransomware, spyware,
adware, etc.
Malicious software, also known as malware, can get into your computer and
perform actions without your permission, giving hackers full access to data,
devices and systems.
Types of malicious software
1. Viruses
A computer virus is a malicious software program loaded onto a user’s computer
without the user’s knowledge. It attaches itself to programs or applications in
order to be activated, and can pass from one computer to another or across an
entire network.
2. Trojans
A Trojan horse program has the appearance of having a useful and desired
function. A Trojan horse neither replicates nor copies itself, but causes damage
or compromises the security of the computer. It disguises itself as a trusted
software program or application to get into your system and attack later.
3. Ransomware
It locks your files and demands that you pay a ransom to unlock and access them
again. This type of malware is rapidly becoming more advanced. It can
immediately start deleting files as soon as you are infected, pressuring you to
pay up.
4. Worms
A computer worm is a type of malware that spreads copies of itself from computer
to computer. A worm can replicate itself without any human interaction, and it
does not need to attach itself to a software program in order to cause damage.
5. Spyware
It is a type of malicious software that spies on user activity, from collecting
keystrokes to browser history to data harvesting. Spyware enters a computer as a
virus or Trojan, or bundled with trusted programs.
Computer Crime / Cyber Crime
Cyber crime is illegal activity done using computers and the Internet. Computer
crime is committed in order to steal others' files, data, documents or
confidential information, or to harm a computer and its user. The terms computer
crime and cyber crime are usually used interchangeably. Cyber crimes include
Internet-related forgery, fraud, vandalism, software piracy, hacking, cracking,
plagiarism, etc.
Dictionaries define Cyber Crime as “a criminal activity committed on the
internet. This is a broad term that describes everything from electronic
cracking to denial of service attacks that cause electronic commerce sites to
lose money”.
Cyber crimes can basically be divided into three major categories:
1. Cyber Crime against persons
2. Cyber Crime against property
3. Cyber Crime against government
Cyber Law
Cyber law is a term that deals with the Internet's relationship to technological
and electronic elements, including computers, software, hardware and information
systems. Simply, cyber law is the law which is used for stopping computer crime
and abuse.
It is the area of law that deals with the use of the Internet and computers and
the exchange of communications and information, which includes the issues
concerning the protection of intellectual property rights, freedom of speech and
public access to information.
In simple words, cyber law is the law that deals with the legal issues which are
related to the access, usage and privacy of information. Cyber law is made for
controlling crimes like theft of information, fraud, forgery, etc.
The areas covered by cyber law are: Digital Signature Law, Copyright Law,
Trademark Law, Telecommunication Law and Data Protection and Privacy Law.
Privacy and Anonymity (IMP)
· Privacy
Privacy is the ability of an individual or group to keep themselves, or
information about themselves, private and thereby express themselves
selectively. When something is private to a person, it usually means that
something is sensitive to them.
· Anonymity
Anonymity means “without name”. It means the state of an individual’s identity,
or personally identifiable information, being publicly unknown. It means the
real author of a message is not shown. Anonymity can be implemented to make it
impossible or very difficult to find the real author of a message.
Intellectual Property Right (IPR)
Intellectual Property Rights (IPR) are the rights given to persons over the
creations of their minds, like inventions, literary and artistic works, etc.
They usually give the creator an exclusive right over the use of his/her
creation for a certain period of time. Intellectual property rights are divided
into two main areas:
Industrial Property
Industrial property is one of two subsets of intellectual property (the other
being copyright). It takes a range of forms, including patents for inventions,
industrial designs, trademarks, service marks, layout-designs of integrated
circuits, commercial names and designations, geographical indications and
protection against unfair competition. The object of industrial property
consists of signs conveying information, in particular to consumers, regarding
products and services offered on the market. Protection is directed against
unauthorized use of such signs that could mislead consumers, and against
misleading practices in general.
Copyright and Rights Related to Copyright
The rights of authors of literary and artistic works such as books and other
writings, musical compositions, paintings, computer programs and films are
protected by copyright, for a minimum period of 50 years after the death of the
author. The main purpose of copyright and related rights is to encourage and
reward creative work.
Digital Signature
A digital signature is a security mechanism in cyberspace. It is a digital
identity of the sender that uniquely identifies a particular sender
electronically. Digital signatures are used on the Internet for secure
transactions. A digital signature uses two different keys for authentication:
one for creating a digital signature and another for verifying a digital
signature.
A digital signature is a mathematical scheme for verifying the authenticity of
digital messages or documents. A valid digital signature, where prerequisites
are satisfied, gives a recipient very strong reason to believe that the message
was created by a known sender and that the message was not altered in transit.
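The two-key idea described above (one key creates the signature, the other verifies it) is shown in the following added example, which is not part of the original chapter. It uses unpadded "textbook" RSA over a SHA-256 digest with a demonstration-only key built from two publicly known Mersenne primes; the function names and message are assumptions, and real systems use a vetted library with a padded scheme such as RSA-PSS or Ed25519.

```python
import hashlib

# Demonstration-only key material (assumption for this example): both primes are
# publicly known Mersenne primes, so this key protects nothing in practice.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent  -> verification key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent -> signing key (N, D)

def digest_as_int(message: bytes) -> int:
    """Hash the message; the signature is computed over this fixed-size digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key=(N, D)) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)

def verify(message: bytes, signature: int, public_key=(N, E)) -> bool:
    """Anyone with the public key can check the signature against the message."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)

def demo() -> dict:
    # Constructed sample message.
    original = b"Transfer Rs. 500 to account 1234"
    tampered = b"Transfer Rs. 900 to account 1234"
    signature = sign(original)
    return {
        "original_valid": verify(original, signature),       # unchanged message
        "tampered_valid": verify(tampered, signature),       # altered in transit
        "forged_valid": verify(original, signature + 1),     # altered signature
    }

if __name__ == "__main__":
    print(demo())
```

A change to either the message or the signature makes verification fail, which is how the recipient learns that the message was altered or did not come from the key holder.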
Advantages of Digital Signature:
1. Faster Transactions and Better Customer Service
2. Built Into Your Digital Workflows
3. Fewer Errors Than Paper-Based Systems
4. Maintain Compliance & Security